Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TDvtj7ZWR0LdyAlr_OSSyov5xoM.roa
File:                     TDvtj7ZWR0LdyAlr_OSSyov5xoM.roa (raw, json)
Hash identifier:          hw3KP1u6myGw+KRspQqV8Q52MqXTV29QidS37RjJRCw=
Subject key identifier:   4C:3B:ED:8F:B6:56:47:42:DD:C8:09:6B:FC:E4:92:CA:8B:F9:C6:83
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187BDB1D70F27812FA82601E9C133FEF62C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TDvtj7ZWR0LdyAlr_OSSyov5xoM.roa
Signing time:             Wed 26 Apr 2023 13:12:41 +0000
ROA not before:           Wed 26 Apr 2023 13:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:bd:b1:d7:0f:27:81:2f:a8:26:01:e9:c1:33:fe:f6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 26 13:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c3bed8fb6564742ddc8096bfce492ca8bf9c683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:cf:f0:fe:d2:26:11:df:3b:35:16:88:9b:a5:
                    b2:4a:79:ad:6d:0b:01:27:ee:f9:c0:eb:90:0f:65:
                    60:28:c4:c7:43:8f:89:49:a0:8b:8d:ca:09:88:b1:
                    0d:f7:56:5d:4e:9e:c4:32:9a:26:53:50:f5:d0:28:
                    c7:9d:a8:25:e9:04:d8:a4:7e:d0:11:e1:a1:52:fb:
                    d9:a6:0c:39:e8:84:6d:9d:c4:84:3c:87:4d:5c:d6:
                    16:8a:bf:c3:01:61:44:50:e0:99:ba:e2:c1:3b:c1:
                    77:98:dc:18:e4:9f:78:55:6c:d3:0e:ec:cc:c2:8e:
                    4d:78:27:0e:ad:ff:c2:29:33:61:52:eb:6e:0c:41:
                    32:e3:c2:05:23:37:a1:72:f4:27:8f:49:49:e1:b6:
                    43:3c:f5:5e:a3:a0:10:d7:b6:d2:d3:bd:25:06:8c:
                    9d:aa:45:23:cd:10:1d:2d:b9:88:2f:0b:b6:cb:f6:
                    71:79:d7:97:25:2d:28:42:0e:65:55:ea:42:00:4f:
                    9d:a7:bf:1b:1e:41:54:a9:8e:3e:1e:82:07:c9:d0:
                    38:f9:3f:08:76:da:7a:da:cb:46:ef:8a:b3:a8:fe:
                    2a:91:90:94:58:10:7c:6b:65:8d:b6:ff:d3:a0:67:
                    83:48:4f:43:5e:72:db:d9:f2:39:49:8e:38:43:35:
                    c6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3B:ED:8F:B6:56:47:42:DD:C8:09:6B:FC:E4:92:CA:8B:F9:C6:83
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TDvtj7ZWR0LdyAlr_OSSyov5xoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:5c:96:62:48:de:d7:49:42:5b:94:e1:b4:d4:a0:ba:7c:78:
         b9:49:74:f8:53:e0:3d:36:94:5a:fd:75:89:16:d9:75:61:39:
         11:35:9a:9b:3a:bf:51:93:74:4f:54:f0:a8:21:81:38:86:97:
         a5:b5:24:20:2e:93:92:8c:a1:c9:36:26:26:fa:25:d3:9e:96:
         18:2a:d9:f6:50:44:e0:55:d1:5b:65:96:3b:ec:b0:70:e7:60:
         94:fe:b8:19:6c:79:cd:67:4b:d0:ef:50:c7:3f:15:84:57:53:
         7b:9b:0a:90:da:47:52:b5:76:f9:d6:0f:cd:34:63:91:e3:ab:
         b8:cf:c8:1c:fd:df:c9:4d:eb:97:a0:8c:ba:4d:ae:d0:43:dd:
         b5:f6:58:40:92:74:23:a1:38:ca:0b:9d:ff:bd:5d:8b:af:64:
         aa:b3:bc:47:8e:a6:84:87:78:8f:d6:bb:da:6f:89:99:7f:eb:
         20:55:e8:f6:e0:e6:df:16:87:f1:c9:a0:14:78:41:bf:5c:2d:
         94:66:3a:74:13:f3:4d:e1:2c:a2:c4:64:b8:3d:63:3f:46:1f:
         60:6a:98:62:9b:a7:9e:0c:2c:33:d5:5c:3b:10:9e:2f:32:86:
         4a:37:ed:e0:38:cd:9e:64:78:32:16:0f:3f:ac:e4:48:f6:af:
         88:a5:71:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYe9sdcPJ4EvqCYB6cEz/vYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI2MTMxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNiZWQ4ZmI2NTY0NzQyZGRjODA5NmJmY2U0OTJjYThiZjljNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgM/w/tImEd87NRaIm6WySnmtbQsB
J+75wOuQD2VgKMTHQ4+JSaCLjcoJiLEN91ZdTp7EMpomU1D10CjHnagl6QTYpH7Q
EeGhUvvZpgw56IRtncSEPIdNXNYWir/DAWFEUOCZuuLBO8F3mNwY5J94VWzTDuzM
wo5NeCcOrf/CKTNhUutuDEEy48IFIzehcvQnj0lJ4bZDPPVeo6AQ17bS070lBoyd
qkUjzRAdLbmILwu2y/ZxedeXJS0oQg5lVepCAE+dp78bHkFUqY4+HoIHydA4+T8I
dtp62stG74qzqP4qkZCUWBB8a2WNtv/ToGeDSE9DXnLb2fI5SY44QzXG1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEw77Y+2VkdC3cgJa/zkksqL+caDMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVER2dGo3WldSMExkeUFscl9PU1N5b3Y1eG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJdclmJI3tdJQluU4bTU
oLp8eLlJdPhT4D02lFr9dYkW2XVhORE1mps6v1GTdE9U8KghgTiGl6W1JCAuk5KM
ock2Jib6JdOelhgq2fZQROBV0VtlljvssHDnYJT+uBlsec1nS9DvUMc/FYRXU3ub
CpDaR1K1dvnWD800Y5Hjq7jPyBz938lN65egjLpNrtBD3bX2WECSdCOhOMoLnf+9
XYuvZKqzvEeOpoSHeI/Wu9pviZl/6yBV6Pbg5t8Wh/HJoBR4Qb9cLZRmOnQT803h
LKLEZLg9Yz9GH2BqmGKbp54MLDPVXDsQni8yhko37eA4zZ5keDIWDz+s5Ej2r4il
caw=
-----END CERTIFICATE-----